826 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
826 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
827 \mode<presentation>{ |
827 \mode<presentation>{ |
828 \begin{frame}[c] |
828 \begin{frame}[c] |
829 \frametitle{Exchange of a Fresh Key} |
829 \frametitle{Exchange of a Fresh Key} |
830 |
830 |
|
831 \bl{$A$} and \bl{$B$} share the key \bl{$K_{AB}$} and want to share another key |
|
832 |
831 \begin{itemize} |
833 \begin{itemize} |
832 \item assumption \bl{$K_{AB}$} is only known to \bl{$A$} and \bl{$B$}\bigskip |
834 \item assumption \bl{$K_{AB}$} is only known to \bl{$A$} and \bl{$B$}\bigskip |
833 \item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$} |
835 \item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$} |
834 \item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$} |
836 \item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$} |
835 \item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$} |
837 \item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$} |
836 \item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$} |
838 \item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$} |
837 \end{itemize}\bigskip\pause |
839 \item<2> \bl{$A \,\text{sends}\, B : \{msg\}_{K^{new}_{AB}}$} |
838 |
840 \end{itemize}\bigskip |
839 We hope \bl{$K^{new}_{AB}$} is only known to \bl{$A$} and \bl{$B$}.\\ |
841 |
840 \bl{$N^{new}_B$} is to be used in future messages |
842 \bl{$N^{new}_B$} is to be used in future messages\\ |
|
843 Assume \bl{$K^{new}_{AB}$} is compromised by \bl{$I$} |
841 \end{frame}} |
844 \end{frame}} |
842 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
845 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
843 |
846 |
844 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
847 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
845 \mode<presentation>{ |
848 \mode<presentation>{ |
846 \begin{frame}[c] |
849 \begin{frame}[c] |
847 \frametitle{The Attack} |
850 \frametitle{The Attack} |
848 |
851 |
849 An intruder \bl{$I$} convinces \bl{$B$} to accept an old compromised key |
852 An intruder \bl{$I$} convinces \bl{$A$} to accept the compromised key \bl{$K^{new}_{AB}$}\medskip |
850 |
853 |
|
854 \begin{minipage}{1.1\textwidth} |
851 \begin{itemize} |
855 \begin{itemize} |
852 \item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$} |
856 \item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$} |
853 \item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$} |
857 \item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$} |
854 \item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$} |
858 \item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$} |
855 \item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\pause |
859 \item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\;\;recorded by \bl{$I$}\pause |
|
860 \item \bl{$A \,\text{sends}\, B : A, \{M_A\}_{K_{AB}}$} |
|
861 \item \bl{$B\,\text{sends}\, A : \{M_A + 1, M_B\}_{K_{AB}}$} |
|
862 \item \bl{$A \,\text{sends}\, B : \{M_B + 1\}_{K_{AB}}$} |
|
863 \item \bl{$B \,\text{sends}\, I : \{K^{anew}_{AB}, N^{anew}_B\}_{K_{AB}}$}\;intercepted by \bl{$I$} |
|
864 \item \bl{$I \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\pause |
|
865 \item \bl{$A \,\text{sends}\, B : \{msg\}_{K^{new}_{AB}}$} |
856 \end{itemize} |
866 \end{itemize} |
|
867 \end{minipage} |
857 |
868 |
858 \end{frame}} |
869 \end{frame}} |
859 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
870 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
860 |
871 |
861 \end{document} |
872 \end{document} |